What is a Man-in-the-middle attack and what are the tools available to protect yourself?
Picture a situation where a banker is on a call with a client, verifying the client's username and password. Seems legitimate, right? Except that both of them are unaware that someone else is eavesdropping on what they believe is a private conversation, without their consent. This is called a man-in-the-middle attack, or MITM.
How Does a Man-in-the-middle Attack Work?
A man-in-the-middle attack is cyber eavesdropping in which an unauthorized person or group inserts themselves into a conversation between the victim and the entity or organization the victim is talking to.
The worst part?
Both parties assume they are communicating in a secure conversation, when in fact the man-in-the-middle is relaying and reading everything. This eavesdropping becomes possible once the attacker has gained a position on the path the traffic takes, for example a compromised router, a poisoned name lookup, or a Wi-Fi hotspot the attacker controls.
And that's when all hell breaks loose. The dialogue between the victims, whether an email, a telephone conversation, a website session, a financial transaction or a data transfer, contains confidential information such as login IDs and passwords, which are immediately compromised by the criminals.
What is the purpose of Man-in-the-middle-attacks?
Man-in-the-middle attacks are increasingly used by ransomware attackers as a way in. MitM can also be used for cyber espionage, spying, and sabotage of communications.
Related: What is Ransomware as a Service and How Does it Work?
Governments and intelligence agencies rely on MitM attacks to spy on their adversaries. Since the intention is to secretly eavesdrop on the communication, the attackers tend to remain hidden during the entire session.
Types of Man-in-the-middle attack
There are various types of MitM attacks that can happen at any time; here are the six most common types of man-in-the-middle attacks:
1. IP Spoofing
Your IP address (Internet Protocol address) is what identifies your device on a network. Any internet-connected device such as a smartphone, laptop, tablet or TV gets one, and it works much like the street address of your home. In IP spoofing, cyber criminals forge the source address of their traffic so that it appears to come from a legitimate website or a trusted machine, tricking you into thinking that you are dealing with that site when in fact you are talking to the attacker. You then unknowingly hand your information to the hacker. Nothing in a plain IP packet proves who sent it, which is why the protections that matter here (TLS certificates, authenticated VPN tunnels) sit above the IP layer.
2. Wi-Fi eavesdropping
Let's suppose you go to a nearby cafe to enjoy a cup of coffee with your friend. Soon you realize that you need to connect to the Wi-Fi and immediately scan for nearby networks. You notice a "Free Cafe Wi-Fi" hotspot and immediately connect to it. You log in to your bank, Venmo or PayPal, transfer money to a friend's account, and log off. Then after some time you sign in to your Instagram, take a selfie and post it to your account.
Unbeknownst to you, the entire session was monitored and tracked by the cyber criminal who set up that malicious hotspot (a rogue access point with a friendly-looking SSID). Because the attacker controls the access point, every packet you send passes through his hands: anything sent unencrypted is readable outright, and he can also try to downgrade or intercept the encrypted sessions. Your login details may now be compromised. Any activity you did was monitored, and if you don't change your passwords, you could be in for a rather rude awakening! Your Instagram account and bank account can be hijacked, compromising your identity and financial information. Furthermore, if one of your employees uses such a network to reach your corporate network remotely, whether through a remote desktop session or a VPN, credentials captured or a session hijacked there become a path in for a ransomware attacker, and you will be scrambling to find a way to decrypt ransomware encryption in the very near future. A VPN protects the traffic inside its tunnel, but not a password typed into a spoofed captive portal before the tunnel is up.
It is for this reason we NEVER recommend connecting to a public WiFi network for anything sensitive. They are insecure, unreliable, and are commonly set up or taken over by criminals who want to eavesdrop on your activity.
3. Email Hijacking
Similar to Wi-Fi eavesdropping, email hijacking works by compromising or impersonating the email accounts or mail servers of your bank or another legitimate organization you correspond with. Once in, the attacker can send emails that appear to come from your bank, persuade you to sign in to a look-alike site, or redirect a bill payment to an account he controls, all while quietly reading the real correspondence. A spoofed or intercepted email can also carry a malicious attachment or link that, under the right circumstances, leaves you dealing with a ransomware incident.
4. SSL Hijacking
SSL stands for Secure Sockets Layer (its modern successor is TLS), the protocol behind the padlock that shows your connection to a website is encrypted and that the site has presented a certificate for its name. In SSL hijacking, the hacker sits between you and the site and terminates the encrypted session himself, either presenting you with his own certificate or quietly downgrading the connection to plain HTTP (SSL stripping). While you think your communication is safe, it is in fact the hacker who controls your entire online session. It is closely related to session hijacking, where the attacker takes over an already authenticated session.
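The caveat a practitioner wants here is that the client decides whether an interceptor's certificate is accepted. The following is an added example, not code from the original article: a Python 3 TLS client configuration with the weak setting (no certificate or hostname validation, which is exactly what lets an SSL hijacker succeed) beside the hardened one, plus a small probe that reports a failed validation the way a hijacked session looks from the client side. The hostname "example.com" in the main block is a placeholder, not a claim about that site.

```python
import socket
import ssl


def weak_client_context():
    """The setting behind many 'just make the error go away' snippets: no chain
    validation and no hostname check. Anyone between you and the server, such as a
    rogue hotspot or a spoofed DNS answer, can present their own certificate and
    terminate the session themselves; this client will never notice."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context():
    """Validate the chain against the system trust store, require the certificate
    to be issued for the host we asked for, and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_summary(ctx):
    """Plain values describing how a context will behave, for inspection."""
    return {
        "check_hostname": ctx.check_hostname,
        "verify_mode": int(ctx.verify_mode),          # 0 = CERT_NONE, 2 = CERT_REQUIRED
        "minimum_version": int(ctx.minimum_version),  # 771 = TLS 1.2
    }


def probe(host, port=443, ctx=None, timeout=5.0):
    """Open a TLS session to host and report what happened.

    Returns ("ok", subject) when the peer certificate validated, ("intercepted?",
    reason) when validation failed, which is what a hijacked session looks like
    from the client, or ("unreachable", reason) for plain network errors."""
    ctx = ctx or hardened_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()  # empty dict when verify_mode is CERT_NONE
                subject = dict(rdn[0] for rdn in cert.get("subject", ()))
                return "ok", subject
    except ssl.SSLCertVerificationError as exc:
        return "intercepted?", exc.verify_message
    except (OSError, ssl.SSLError) as exc:
        return "unreachable", str(exc)


if __name__ == "__main__":
    # Needs network access; the hostname is a placeholder (assumption), not a claim
    # about any real site.
    print(probe("example.com"))
```

Run the probe with `weak_client_context()` and an interceptor's certificate is accepted silently; run it with the hardened context and the same situation comes back as "intercepted?" with the validation message. Never swap in the weak context in production code to make an error go away: that error is the one signal you have that someone is in the middle.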
5. DNS Spoofing
You visited your bank’s website, tried signing in, but it returned errors. Frustrated, you exit the website and leave. Good enough? Oh wait! After 30 minutes, you receive an email and an SMS notification that you just transferred $2,000 to someone from your account.
How’s that even possible?
What happened here is that the website where you tried signing in did not belong to the bank. The hacker spoofed the DNS records for your bank's domain, so your device resolved the bank's name to an address the hacker controls and you were fooled into visiting a fake website instead of the real one. The credentials you entered on the fake website were stolen by the hacker, who used them to access your account. This is called DNS spoofing (or DNS cache poisoning).
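To see why spoofing is possible at all, it helps to look at what a resolver actually checks before it trusts an answer. The block below is an added example, not code from the original article: a Python 3 builder and parser for minimal DNS query and A-record response packets, with the validation a stub resolver performs (transaction ID, QR bit, echoed question). The domain name and IP addresses are constructed samples, not a real capture. The point it demonstrates is that a 16-bit ID and a matching question are the only things protecting a plain UDP answer: an off-path attacker guessing the wrong ID is rejected, but an on-path attacker (the rogue hotspot from the Wi-Fi section) who has seen the query passes every check. Only DNSSEC validation, or DNS over TLS/HTTPS to a resolver you trust, closes that gap.

```python
import struct

# Constructed sample traffic, not a real capture: a query for the bank's A record,
# the genuine answer, and forged answers from an off-path and an on-path attacker.
BANK = "bank.example"
GENUINE_IP = "203.0.113.10"
ATTACKER_IP = "198.51.100.66"


def encode_name(name):
    """bank.example -> b'\\x04bank\\x07example\\x00' (DNS label wire format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN


def build_response(txid, name, ip, ttl=300):
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1, one answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    # 0xC00C is a compression pointer back to the name at offset 12 (the question)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def decode_name(pkt, off):
    """Read a label sequence at off, following one compression pointer if present."""
    labels = []
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # compression pointer: follow it, then stop
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(pkt, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length


def parse(pkt):
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    questions, answers = [], []
    for _ in range(qdcount):
        name, off = decode_name(pkt, off)
        qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(ancount):
        name, off = decode_name(pkt, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)  # A record: dotted quad
        answers.append((name, rtype, rdata))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def validate_response(query, response):
    """The checks a stub resolver applies before trusting a UDP answer. Note what
    is NOT here: no signature, no proof the packet came from the real server."""
    q, r = parse(query), parse(response)
    if r["id"] != q["id"]:
        return False, "transaction ID mismatch"
    if not r["flags"] & 0x8000:
        return False, "QR bit clear: this is not a response"
    if r["questions"] != q["questions"]:
        return False, "question section does not echo the query"
    return True, "accepted"


QUERY = build_query(0x1A2B, BANK)
GENUINE = build_response(0x1A2B, BANK, GENUINE_IP)
FORGED_BLIND = build_response(0x1A2C, BANK, ATTACKER_IP)   # off-path guess, wrong ID
FORGED_ONPATH = build_response(0x1A2B, BANK, ATTACKER_IP)  # rogue hotspot saw the ID

if __name__ == "__main__":
    for label, pkt in [("genuine", GENUINE), ("blind forgery", FORGED_BLIND),
                       ("on-path forgery", FORGED_ONPATH)]:
        print(label, validate_response(QUERY, pkt), parse(pkt)["answers"])
```

Real resolvers also randomize the UDP source port, which adds another 16 bits an off-path attacker must guess; it does nothing against an attacker who sees the query on the wire.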
6. Stealing browser cookies
Ever wondered why you keep seeing small popup messages like:
We use cookies to serve you with an amazing experience. Kindly accept our terms and conditions here to proceed.
Cookies are small pieces of data a website stores in your browser. In simpler words, it's like a note the website keeps about you, such as your name, shopping habits and abandoned cart items, and, most importantly, a session token proving that you have already logged in. This is how websites remember your browsing session.
Hackers steal these cookies, which may contain personal details such as names and email addresses but, more importantly, that session token: whoever holds a valid session cookie is treated as you, with no password required. Cookies stolen from an employee's browser can give an attacker access to the web applications the company uses and a foothold from which to infiltrate the company network. A session cookie sent over plain HTTP is readable by anyone on the path, which is what makes the rogue hotspot above so effective.
How to Protect against man-in-the-middle attacks?
The biggest challenge in protecting against MitM is that the eavesdropper behaves like a silent spectator, monitoring your activities, and this mostly goes unnoticed by both victims and the organizations they deal with. However, despite how clever these cyber criminals can get, you can follow the tips outlined below for your protection:
- Never use a public WiFi connection for anything that matters. Other than simply browsing a website, do NOT enter your social media or bank credentials on one.
- Only enter sensitive data on websites served over HTTPS with a valid certificate (the padlock in the address bar). If you visit one without HTTPS, Chrome and Firefox already do their job of warning you in advance. Think of it as an added layer of protection, and never click through a certificate warning: that warning is exactly what a hijacked SSL session looks like from your side.
- Banks will NEVER call or EMAIL you to update your username or password. If you receive a call or an email pretending to be from a customer support agent at your bank, NEVER give them your username and password. They will trick you with reasons such as a "service upgrade" for which they want your current username, password and credit card numbers. We can't tell you how many people have fallen for this scam. Always ask yourself these questions:
- Why are they calling me?
- Do I even have an account at this bank?
- Are they forcing and threatening me to hand them the details?
- Update your WiFi network with a stronger password and WPA2 or WPA3 encryption. Never rely on the default password that comes with the router.
- Install antivirus software. Use reliable antivirus software to maximize your chances of staying protected online.
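For the people who run the websites rather than just visit them, the cookie section above and the HTTPS tip in this list translate into two response headers that can be checked mechanically. The block below is an added example, not code from the original article: a Python 3 audit of a site's Set-Cookie and Strict-Transport-Security headers, flagging cookies that can be captured over plain HTTP (no Secure flag), read by injected script (no HttpOnly) or replayed cross-site (no SameSite), and an HSTS policy that would let an SSL-stripping attacker downgrade a visitor to http://. The sample headers are constructed for illustration, not taken from any real site; the one-year HSTS threshold is a common deployment recommendation, not a requirement of the specification.

```python
# Constructed sample response headers (not taken from any real site), as a bank's
# login response might send them: one well-protected session cookie, one sloppy
# "remember me" cookie, and an HSTS policy.
SAMPLE_HEADERS = [
    ("Set-Cookie", "session=8f3a9c1d77; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("Set-Cookie", "remember_me=abc123; Path=/; Max-Age=2592000"),
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
]

ONE_YEAR = 31536000  # seconds; commonly recommended minimum HSTS max-age (assumption)


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")   # flag attributes such as Secure have no value
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookie_findings(name, attrs):
    """Flag attributes whose absence makes a cookie easy to steal or replay."""
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: no Secure flag, so it is sent over plain http:// and can be read on a rogue hotspot")
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly flag, so injected script can read it")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite is not Lax or Strict, so cross-site requests carry it")
    return findings


def hsts_findings(headers):
    """Check the HSTS policy that stops a browser from being downgraded to http://."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["no Strict-Transport-Security header: an attacker can strip https:// to http://"]
    directives = {}
    for directive in values[0].split(";"):
        key, _, val = directive.strip().partition("=")
        directives[key.lower()] = val.strip()
    findings = []
    try:
        max_age = int(directives.get("max-age", "0"))
    except ValueError:
        max_age = 0
    if max_age < ONE_YEAR:
        findings.append(f"HSTS max-age {max_age} is below one year")
    if "includesubdomains" not in directives:
        findings.append("HSTS lacks includeSubDomains, so a subdomain can still be served over http://")
    return findings


def audit(headers):
    """Return a list of findings for a list of (header name, value) pairs."""
    findings = []
    for key, value in headers:
        if key.lower() == "set-cookie":
            findings.extend(cookie_findings(*parse_set_cookie(value)))
    findings.extend(hsts_findings(headers))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS) or ["no findings"]:
        print(finding)
```

Against the sample, the session cookie and the HSTS policy pass and every finding concerns the "remember me" cookie, which is the one an attacker on a cafe hotspot would capture the moment the browser followed an http:// link to the same site. Feed the function the header pairs from a real response (for example from `http.client` or the `requests` library's `response.raw.headers.items()`) to audit a live site.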